package com.policyCloud.policyOauth.configuration;

import com.policyCloud.policyOauth.security.filter.CustomLogoutHandler;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
import org.springframework.security.web.session.SessionManagementFilter;


/**
 * @所在包: com.oauth2.configuration
 * @文件名:ResourceServerConfiguration
 * @版权:四川兴财信息产业发展有限公司.
 * @项目:centrality
 * @功能描述: 资源服务端
 * @创建人: 龟派气功rmk
 * @时间: 2018-11-09 16:35
 **/
@Configuration
@EnableResourceServer
//@Order(6)
public class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .requestMatchers().antMatchers("/**")
                .and().authorizeRequests()
                .antMatchers("/**").permitAll();
//                .anyRequest().authenticated()
//                .and().logout()
//                .logoutUrl("/logout")
//                .clearAuthentication(true)
//                .logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler())
//                .addLogoutHandler(customLogoutHandler());

    }



//    @Bean
//    public CustomSecurityFilter customSecurityFilter() {
//        return new CustomSecurityFilter();
//    }

//    @Bean
//    public CustomLogoutHandler customLogoutHandler() {
//        return new CustomLogoutHandler();
//    }


    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        super.configure(resources);
    }


}
